Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE
From: Tom Lord
Subject: Re: [Gnu-arch-users] (fairly minor) SECURITY ISSUE
Date: Tue, 20 Jan 2004 19:05:08 -0800 (PST)

> From: James Blackwell <address@hidden>
> Think you could do something like this? (slightly reformatted for mail)
> int
> verify_checksum ( t_uchar * checksum_file )
> {
[....]

If you mean within tla, no -- although it seems a trivially simple
solution it is not one I'd like to use.

Currently, the signing mechanism in tla is signing-regimen-agnostic.
You don't have to use gpg (or any other pgp work-similar). You could
cons up something with any crypto tool you like.

The problem is that gpg can sign a file, producing a .asc file output
-- but I don't see any mechanism by which I can ask gpg "Hey, is this
file the .asc file you made?" In particular, I can insert "junk"
before or after the gpg signature block and gpg just happily ignores
it.

Saying it again: given:

    gpg --clearsign foo > foo.signed

I want to ask gpg (or some trivial script involving gpg): "is
foo.signed _exactly_ the output of gpg --clearsign foo?"

Would seem a simple and obvious functionality to want until you
realize that gpg doesn't make it easy.

-t
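
A structural check for the problem described in this message, as an added example (not code from tla, gpg, or the original post): it accepts a file only when nothing precedes the `-----BEGIN PGP SIGNED MESSAGE-----` line or follows the `-----END PGP SIGNATURE-----` line. The function name and the sample data are assumptions made for illustration, and the check is meant to run alongside `gpg --verify`, not replace it.

```python
import re

BEGIN_MSG = "-----BEGIN PGP SIGNED MESSAGE-----"
BEGIN_SIG = "-----BEGIN PGP SIGNATURE-----"
END_SIG = "-----END PGP SIGNATURE-----"
ARMOR_LINE = re.compile(r"[A-Za-z0-9+/=]{1,76}")  # base64 data or "=CRC" line

# Constructed sample: the armor payload is filler, not a real signature.
SAMPLE = (
    "-----BEGIN PGP SIGNED MESSAGE-----\n"
    "Hash: SHA1\n"
    "\n"
    "- -- a dash-escaped line of signed text\n"
    "-----BEGIN PGP SIGNATURE-----\n"
    "\n"
    "aGVsbG8gd29ybGQ=\n"
    "=AbCd\n"
    "-----END PGP SIGNATURE-----\n"
).encode()


def has_strict_clearsign_framing(data: bytes) -> bool:
    """True only if data is a single clearsigned message with no bytes
    before the BEGIN line or after the END line (structure only, no crypto)."""
    try:
        text = data.decode("utf-8").replace("\r\n", "\n")
    except UnicodeDecodeError:
        return False
    lines = text.split("\n")  # exact output ends with one "\n": last item is ""
    if len(lines) < 3 or lines[0] != BEGIN_MSG or lines[-2:] != [END_SIG, ""]:
        return False
    try:
        blank = lines.index("", 1)               # end of "Hash:" armor headers
        sig = lines.index(BEGIN_SIG, blank + 1)  # start of the signature armor
        gap = lines.index("", sig + 1)           # end of signature armor headers
    except ValueError:
        return False
    if not all(h.startswith("Hash: ") for h in lines[1:blank]):
        return False
    # Signed text is dash-escaped: a line starting with "-" must start with "- ".
    if any(ln.startswith("-") and not ln.startswith("- ") for ln in lines[blank + 1:sig]):
        return False
    # Armor headers are not covered by the signature; allow only "Version:".
    if not all(h.startswith("Version: ") for h in lines[sig + 1:gap]):
        return False
    payload = lines[gap + 1:-2]
    return bool(payload) and all(ARMOR_LINE.fullmatch(p) for p in payload)
```

Armor headers and the signature packet's unhashed subpackets are not covered by the signature, so this narrows where unsigned bytes can sit but cannot prove byte-for-byte identity with the signer's original output.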